Granting access to user data is typically performed programmatically. That is, an operating system or web service grants access to the data based on access rights of the user. This model is not very secure, particularly in web-hosted environments in which the user's data is stored on a server that is accessible by many other users or processes. If the security of the server is compromised, the user's data may be accessed without the user's permission or knowledge. The more entities that are involved in handling a user's data, the less secure the data is.